scholarly journals Efficiency and Effectiveness of Web Application Vulnerability Detection Approaches: A Review

2022 ◽  
Vol 54 (9) ◽  
pp. 1-35
Author(s):  
Bing Zhang ◽  
Jingyue Li ◽  
Jiadong Ren ◽  
Guoyan Huang
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Vulnerability Detection ◽  
Research Gaps ◽  
Systematic Analysis ◽  
Study Results ◽  
Efficiency And Effectiveness ◽  
Technical Details ◽  
Effectiveness And Efficiency ◽  
Test Suites

Most existing surveys and reviews on web application vulnerability detection (WAVD) approaches focus on comparing and summarizing the approaches’ technical details. Although some studies have analyzed the efficiency and effectiveness of specific methods, there is a lack of a comprehensive and systematic analysis of the efficiency and effectiveness of various WAVD approaches. We conducted a systematic literature review (SLR) of WAVD approaches and analyzed their efficiency and effectiveness. We identified 105 primary studies out of 775 WAVD articles published between January 2008 and June 2019. Our study identified 10 categories of artifacts analyzed by the WAVD approaches and 8 categories of WAVD meta-approaches for analyzing the artifacts. Our study’s results also summarized and compared the effectiveness and efficiency of different WAVD approaches on detecting specific categories of web application vulnerabilities and which web applications and test suites are used to evaluate the WAVD approaches. To our knowledge, this is the first SLR that focuses on summarizing the effectiveness and efficiencies of WAVD approaches. Our study results can help security engineers choose and compare WAVD tools and help researchers identify research gaps.

scholarly journals Usage Of Asp.Net Ajax for Binus School Serpong Web Applications

2016 ◽  
Vol 7 (1) ◽  
pp. 29
Author(s):  
Karto Iskandar ◽  
Andrew Thejo Putranto
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Communication Tool ◽  
Literature Study ◽  
Rich Internet Application ◽  
Current Time ◽  
Internet Users ◽  
Desktop Application ◽  
Study Results ◽  
C Programming

Today web applications have become a necessity and many companies use them as a communication tool to keep in touch with their customers. The usage of Web Application in current time increases as the numberof internet users has been rised. For reason of Rich Internet Application, the desktop application developer wasmoved to web application developer with AJAX technology. BINUS School Serpong is a Cambridge Curriculum base International School that uses web application for access every information about the school. By usingAJAX, performance of web application should be improved and the bandwidth usage is decreased. Problems thatoccur at BINUS School Serpong is not all part of the web application that uses AJAX. This paper introducesusage of AJAX in ASP.NET with C# programming language in web application BINUS School Serpong. It is expected by using ASP.NET AJAX, BINUS School Serpong website performance will be faster because of reducing web page reload. The methodology used in this paper is literature study. Results from this study are to prove that the ASP.NET AJAX can be used easily and improve BINUS School Serpong website performance. Conclusion of this paper is the implementation of ASP.NET AJAX improves performance of web application in BINUS School Serpong.

ANALYZING AND IMPROVING WEB APPLICATION QUALITY USING DESIGN PATTERNS

2012 ◽  
Vol 2 (2) ◽  
pp. 112-116
Author(s):  
Shikha Bhatia ◽  
Mr. Harshpreet Singh
Keyword(s):  
Web Application ◽  
Design Pattern ◽  
Design Patterns ◽  
Web Applications ◽  
Past Research ◽  
Software Systems ◽  
Interactive Software ◽  
Web Based ◽  
Software Application ◽  
Execution Speed

With the mounting demand of web applications, a number of issues allied to its quality have came in existence. In the meadow of web applications, it is very thorny to develop high quality web applications. A design pattern is a general repeatable solution to a generally stirring problem in software design. It should be noted that design pattern is not a finished product that can be directly transformed into source code. Rather design pattern is a depiction or template that describes how to find solution of a problem that can be used in many different situations. Past research has shown that design patterns greatly improved the execution speed of a software application. Design pattern are classified as creational design patterns, structural design pattern, behavioral design pattern, etc. MVC design pattern is very productive for architecting interactive software systems and web applications. This design pattern is partition-independent, because it is expressed in terms of an interactive application running in a single address space. We will design and analyze an algorithm by using MVC approach to improve the performance of web based application. The objective of our study will be to reduce one of the major object oriented features i.e. coupling between model and view segments of web based application. The implementation for the same will be done in by using .NET framework.

THE USE OF WEB APPLICATIONS FOR THE SELECTION OF CROP GROWING TECHNOLOGIES

2018 ◽  
Vol 48 (3) ◽  
pp. 84-90 ◽  
Author(s):  
E. A. Lapchenko ◽  
S. P. Isakova ◽  
T. N. Bobrova ◽  
L. A. Kolpakova
Keyword(s):  
Web Application ◽  
Crop Production ◽  
Web Applications ◽  
Weather Forecast ◽  
Technical Institute ◽  
Software Complex ◽  
Agricultural Enterprise ◽  
Weather Situation ◽  
The Web ◽  
Selection Of

It is shown that the application of the Internet technologies is relevant in the selection of crop production technologies and the formation of a rational composition of the machine-and-tractor fl eet taking into account the conditions and production resources of a particular agricultural enterprise. The work gives a short description of the web applications, namely “ExactFarming”, “Agrivi” and “AgCommand” that provide a possibility to select technologies and technical means of soil treatment, and their functions. “ExactFarming” allows to collect and store information about temperature, precipitation and weather forecast in certain areas, keep records of information about crops and make technological maps using expert templates. “Agrivi” allows to store and provide access to weather information in the fi elds with certain crops. It has algorithms to detect and make warnings about risks related to diseases and pests, as well as provides economic calculations of crop profi tability and crop planning. “AgCommand” allows to track the position of machinery and equipment in the fi elds and provides data on the weather situation in order to plan the use of agricultural machinery in the fi elds. The web applications presented hereabove do not show relation between the technologies applied and agro-climatic features of the farm location zone. They do not take into account the phytosanitary conditions in the previous years, or the relief and contour of the fi elds while drawing up technological maps or selecting the machine-and-tractor fl eet. Siberian Physical-Technical Institute of Agrarian Problems of Siberian Federal Scientifi c Center of AgroBioTechnologies of the Russian Academy of Sciences developed a software complex PIKAT for supporting machine agrotechnologies for production of spring wheat grain at an agricultural enterprise, on the basis of which there is a plan to develop a web application that will consider all the main factors limiting the yield of cultivated crops.

scholarly journals A Personalized Machine-Learning-Enabled Method for Efficient Research in Ethnopharmacology. The Case of the Southern Balkans and the Coastal Zone of Asia Minor

2021 ◽  
Vol 11 (13) ◽  
pp. 5826
Author(s):  
Evangelos Axiotis ◽  
Andreas Kontogiannis ◽  
Eleftherios Kalpoutzakis ◽  
George Giannakopoulos
Keyword(s):  
Machine Learning ◽  
Coastal Zone ◽  
Extraction Process ◽  
Asia Minor ◽  
Efficiency And Effectiveness ◽  
Effectiveness And Efficiency ◽  
Intelligent Tools ◽  
Southern Balkans

Ethnopharmacology experts face several challenges when identifying and retrieving documents and resources related to their scientific focus. The volume of sources that need to be monitored, the variety of formats utilized, and the different quality of language use across sources present some of what we call “big data” challenges in the analysis of this data. This study aims to understand if and how experts can be supported effectively through intelligent tools in the task of ethnopharmacological literature research. To this end, we utilize a real case study of ethnopharmacology research aimed at the southern Balkans and the coastal zone of Asia Minor. Thus, we propose a methodology for more efficient research in ethnopharmacology. Our work follows an “expert–apprentice” paradigm in an automatic URL extraction process, through crawling, where the apprentice is a machine learning (ML) algorithm, utilizing a combination of active learning (AL) and reinforcement learning (RL), and the expert is the human researcher. ML-powered research improved the effectiveness and efficiency of the domain expert by 3.1 and 5.14 times, respectively, fetching a total number of 420 relevant ethnopharmacological documents in only 7 h versus an estimated 36 h of human-expert effort. Therefore, utilizing artificial intelligence (AI) tools to support the researcher can boost the efficiency and effectiveness of the identification and retrieval of appropriate documents.

scholarly journals In Silico Structural Modeling and Analysis of Interactions of Tremellomycetes Cytochrome P450 Monooxygenases CYP51s with Substrates and Azoles

2021 ◽  
Vol 22 (15) ◽  
pp. 7811
Author(s):  
Olufunmilayo Olukemi Akapo ◽  
Joanna M. Macnar ◽  
Justyna D. Kryś ◽  
Puleng Rosinah Syed ◽  
Khajamohiddin Syed ◽  
...  
Keyword(s):  
Cytochrome P450 ◽  
Structural Analysis ◽  
In Silico ◽  
Web Application ◽  
Cytochrome P450 Monooxygenases ◽  
Agglomerative Clustering ◽  
Ligand Complex ◽  
P450 Monooxygenase ◽  
Study Results

Cytochrome P450 monooxygenase CYP51 (sterol 14α-demethylase) is a well-known target of the azole drug fluconazole for treating cryptococcosis, a life-threatening fungal infection in immune-compromised patients in poor countries. Studies indicate that mutations in CYP51 confer fluconazole resistance on cryptococcal species. Despite the importance of CYP51 in these species, few studies on the structural analysis of CYP51 and its interactions with different azole drugs have been reported. We therefore performed in silico structural analysis of 11 CYP51s from cryptococcal species and other Tremellomycetes. Interactions of 11 CYP51s with nine ligands (three substrates and six azoles) performed by Rosetta docking using 10,000 combinations for each of the CYP51-ligand complex (11 CYP51s × 9 ligands = 99 complexes) and hierarchical agglomerative clustering were used for selecting the complexes. A web application for visualization of CYP51s’ interactions with ligands was developed (http://bioshell.pl/azoledocking/). The study results indicated that Tremellomycetes CYP51s have a high preference for itraconazole, corroborating the in vitro effectiveness of itraconazole compared to fluconazole. Amino acids interacting with different ligands were found to be conserved across CYP51s, indicating that the procedure employed in this study is accurate and can be automated for studying P450-ligand interactions to cater for the growing number of P450s.

scholarly journals A Sign of Things to Come: Predicting the Perception of Above-the-Fold Time in Web Browsing

2021 ◽  
Vol 13 (2) ◽  
pp. 50
Author(s):  
Hamed Z. Jahromi ◽  
Declan Delaney ◽  
Andrew Hines
Keyword(s):  
Web Application ◽  
Web Applications ◽  
State Of The Art ◽  
Influencing Factor ◽  
The State ◽  
Experimental Result ◽  
Web Page ◽  
To Come ◽  
Web Quality ◽  
The Web

Content is a key influencing factor in Web Quality of Experience (QoE) estimation. A web user’s satisfaction can be influenced by how long it takes to render and visualize the visible parts of the web page in the browser. This is referred to as the Above-the-fold (ATF) time. SpeedIndex (SI) has been widely used to estimate perceived web page loading speed of ATF content and a proxy metric for Web QoE estimation. Web application developers have been actively introducing innovative interactive features, such as animated and multimedia content, aiming to capture the users’ attention and improve the functionality and utility of the web applications. However, the literature shows that, for the websites with animated content, the estimated ATF time using the state-of-the-art metrics may not accurately match completed ATF time as perceived by users. This study introduces a new metric, Plausibly Complete Time (PCT), that estimates ATF time for a user’s perception of websites with and without animations. PCT can be integrated with SI and web QoE models. The accuracy of the proposed metric is evaluated based on two publicly available datasets. The proposed metric holds a high positive Spearman’s correlation (rs=0.89) with the Perceived ATF reported by the users for websites with and without animated content. This study demonstrates that using PCT as a KPI in QoE estimation models can improve the robustness of QoE estimation in comparison to using the state-of-the-art ATF time metric. Furthermore, experimental result showed that the estimation of SI using PCT improves the robustness of SI for websites with animated content. The PCT estimation allows web application designers to identify where poor design has significantly increased ATF time and refactor their implementation before it impacts end-user experience.

scholarly journals A Mobile and Web Application for Mapping Disaster Volunteers’ Position in Indonesia

2017 ◽  
Vol 11 (3) ◽  
pp. 98 ◽  
Author(s):  
Theresia Devi Indriasari ◽  
Kusworo Anindito ◽  
Eddy Julianto ◽  
Bertha Laroha Paraya Pangaribuan
Keyword(s):  
Disaster Management ◽  
Web Application ◽  
Web Applications ◽  
Management Service ◽  
Tectonic Plates ◽  
Location Data ◽  
Before And After ◽  
Disaster Situation ◽  
The Government ◽  
To Receive

<span>Indonesia is a country located on top of some tectonic plates that bring potential natural disasters. Disaster management system is considered essential in controlling the situation in the site both before and after the disaster takes place. In disaster situation, the government and society are involved in a volunteer team in order to help minimize victims and support survivors. However, the volunteering activities are often hindered since there are problems in the disaster site. One of the problems is late responses due to poor coordination among volunteers that drives the delay in disaster relief. Therefore, it is necessary to have an application that maps the positions of volunteers in a disaster site, so that the disaster management coordinator can disseminate volunteers to disaster areas based on needs. The purpose of the study is to propose an application called ‘MyMapVolunteers’ that effectively and efficiently detects the position of the volunteers in order to improve disaster management service. In this case, real time and location based service technology will able to detect the position of each volunteer. ‘MyMapVolunteers’ is composed of two platforms, which are mobile and web applications. Mobile platform is an application that uses GPS function provided by the smartphone to find the volunteers’ location coordinates and then send the data of the location automatically and manually. The web platform is used to receive volunteers’ location data and to present them in google map, therefore disaster management coordinator can monitor the positions of and search for volunteers faster.</span>

scholarly journals Preventive Measures for Cross Site Request Forgery Attacks on Web-based Applications

2018 ◽  
Vol 7 (4.15) ◽  
pp. 130
Author(s):  
Emil Semastin ◽  
Sami Azam ◽  
Bharanidharan Shanmugam ◽  
Krishnan Kannoorpatti ◽  
Mirjam Jonokman ◽  
...  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Operating Cycle ◽  
Web Application Security ◽  
Web Based ◽  
Business World ◽  
Application Security ◽  
Server Side ◽  
Combined Solution ◽  
Cross Site Request Forgery

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.  

VeRA: Verifying RBAC and Authorization Constraints Models of Web Applications

2021 ◽  
Vol 31 (05) ◽  
pp. 655-675
Author(s):  
Thanh-Nhan Luong ◽  
Hanh-Phuc Nguyen ◽  
Ninh-Thuan Truong
Keyword(s):  
Access Control ◽  
Programming Languages ◽  
Web Application ◽  
Web Applications ◽  
Implementation Process ◽  
Record Management ◽  
Role Based Access Control ◽  
Security Issue ◽  
Control Policies ◽  
Access Control Policies

The software security issue is being paid great attention from the software development community as security violations have emerged variously. Developers often use access control techniques to restrict some security breaches to software systems’ resources. The addition of authorization constraints to the role-based access control model increases the ability to express access rules in real-world problems. However, the complexity of combining components, libraries and programming languages during the implementation stage of web systems’ access control policies may arise potential flaws that make applications’ access control policies inconsistent with their specifications. In this paper, we introduce an approach to review the implementation of these models in web applications written by Java EE according to the MVC architecture under the support of the Spring Security framework. The approach can help developers in detecting flaws in the assignment implementation process of the models. First, the approach focuses on extracting the information about users and roles from the database of the web application. We then analyze policy configuration files to establish the access analysis tree of the application. Next, algorithms are introduced to validate the correctness of the implemented user-role and role-permission assignments in the application system. Lastly, we developed a tool called VeRA, to automatically support the verification process. The tool is also experimented with a number of access violation scenarios in the medical record management system.

DATABASE PROTECTION BASED ON WEB APPLICATION FIREWALL

2021 ◽  
Vol 1 ◽  
pp. 84-90
Author(s):  
Rustam Kh. Khamdamov ◽  
◽  
Komil F. Kerimov ◽  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Personal Information ◽  
Database Security ◽  
Security Threats ◽  
Web Application Security ◽  
Application Security ◽  
Client Request ◽  
Database Protection ◽  
Information Bank

Web applications are increasingly being used in activities such as reading news, paying bills, and shopping online. As these services grow, you can see an increase in the number and extent of attacks on them, such as: theft of personal information, bank data and other cases of cybercrime. All of the above is a consequence of the openness of information in the database. Web application security is highly dependent on database security. Client request data is usually retrieved by a set of requests that request the application user. If the data entered by the user is not scanned very carefully, you can collect a whole host of types of attacks that use web applications to create security threats to the database. Unfortunately, due to time constraints, web application programmers usually focus on the functionality of web applications, but only few worry about security. This article provides methods for detecting anomalies using a database firewall. The methods of penetration and types of hacks are investigated. A database firewall is proposed that can block known and unknown attacks on Web applications. This software can work in various ways depending on the configuration. There are almost no false positives, and the overhead of performance is relatively small. The developed database firewall is designed to protect against attacks on web application databases. It works as a proxy, which means that requests for SQL expressions received from the client will first be sent to the developed firewall, rather than to the database server itself. The firewall analyzes the request: requests that are considered strange are blocked by the firewall and an empty result is returned to the client.

Sign in / Sign up

Export Citation Format

Share Document